Tech Friday

posted by Brian Thomas -

  • Turn off your Bluetooth when not actively using it:
    • Security firm Armis recently announced a new Bluetooth attack known as BlueBorne
    • BlueBorne leverages a series of vulnerabilities in the Bluetooth implementation on a variety of software platforms including Android, Windows, iOS and Linux
    • When Bluetooth is enabled, it's open and waiting for potential connections. A BlueBorne attack scans for enabled devices and probes them to determine if they have the necessary vulnerabilities 
    • When a vulnerable device is found, attackers can potentially take control of the device
    • The attack can also jump from device to device if other vulnerable targets are close by
    • Attackers need to be within Bluetooth range of a device, which is roughly 33 feet
    • "For attackers it's Candy Land," said David Dufour, vice president of engineering and cybersecurity at Webroot. "You sit with a computer with a Bluetooth-enabled radio—just scanning for devices saying, ‘Hey, is anybody out there?’ Then you start prodding those devices to look for things like the operating system and the Bluetooth version. It’s a hop, skip, and a jump to start doing bad stuff.”
    • "We wanted to get the research community on board with this, because it didn’t take us a long time to find these bugs, one thing kind of led to another and we found eight really severe vulnerabilities,” Ben Seri - Armis
    • "Attacks against improperly secured Bluetooth implementations can provide attackers with unauthorized access to sensitive information and unauthorized use of Bluetooth devices and other systems or networks to which the devices are connected," the National Institute of Standards and Technology wrote in its May "Guide to Bluetooth Security" update
    • iOS was patched in the 2016 iOS 10 release, Microsoft patched the flaw in Windows in July, and Google is working on deploying a patch, but the fragmented nature of Android means it can take considerable time
    • Unfortunately, BlueBorne can also impact Internet of Things (IoT) devices
    • Many IoT devices are built on Linux and can be difficult to patch
    • Apparently a Linux patch is in the works but has yet to be released
    • To the extent possible, ensure that your devices are patched
    • Whenever you don't absolutely need Bluetooth functionality, turn it off to minimize your risk
    • Disabling Bluetooth when not needed will also help you conserve power
  • Can lost identities be reclaimed?:
    • An increasing number of security breaches resulting in massive amounts of leaked personal data are raising consumer awareness and concern
    • Equifax, being the most recent and worst breach so far, has made concepts like "credit freeze" and "identity theft monitoring" commonplace
    • There are things you can do to protect yourself and your family:
    • It's important to note that none of these things are a bulletproof guarantee against identity theft
    • Many experts contend that most digital consumer information has already been compromised
    • The key question is who really owns your digital identity and what can you do to protect it?
    • Corporations can claim ownership of most of the information in the digital identities that they have assembled
      • Social security numbers are owned by the Federal government
      • Driver's license numbers are owned by the issuing state government
    • If you're not paying with money, you're paying with data. You are giving up much of this information as the cost to use "free" apps and platforms such as Facebook
    • These corporations are also collecting information from your "data exhaust", information that you freely put out there about yourself
    • Data brokers are constantly buying, aggregating and selling this information
    • We are not the customers of these organizations, we are the product
    • Currently, the laws on the books don't specify any penalties for breaches, so the consumer whose data is breached bears the burden
    • Unfortunately, real lives are impacted (sometimes severely) by what happens in cyberspace
    • So can lost identities be reclaimed? Probably not
    • However, there are two things that would make a big positive impact:
      • Put the onus on the companies that collect this data to pay up when it's breached so that they have a much stronger incentive to do everything possible to protect it
      • Require the use of Two Factor Authentication (2FA) so that any information leaked becomes MUCH harder to use
  • Cyberflashing:
    • Sadly, yes, it's a thing and has been happening in places including New York City and London
    • It was first discovered in London in 2015 and has since gone global
    • Folks who use the Apple AirDrop file sharing feature can be subjected to unwanted lewd content
    • AirDrop is designed to allow users to share files quickly and easily over WiFi and Bluetooth, and it has 3 settings: "Receiving Off", "Contacts Only", and "Everyone"
    • When the Everyone setting is enabled, you can receive content from ANYONE that has the AirDrop software
    • The good news is that the "Contacts Only" option is the default
    • You could be on a bus, in an airplane, sitting at the courtyard at the mall or even sitting in a classroom at school. If someone is within the 33-foot range of Bluetooth, they can send you virtually anything
    • Once someone sends something, you get a message that something has been shared. If you accept, it's displayed on the phone; you really have no way not to see it at that point
    • Unfortunately, bad people have discovered that they can send you lewd photos that are difficult to trace
    • And what's possibly even worse than unwanted pornography is the possibility that someone could send you malware such as a virus or keystroke logger 
    • Sadly, these people are more likely than not to get away with Cyberflashing because police departments are overwhelmed with worse crimes and don't have the skills or resources to battle cyber crimes
    • If you don't use this service, ensure it's turned off. If you do use it, either turn it on when needed and off when it's not needed, or ensure that you're set to only receive content from known contacts
    • Android has a similar capability called Beam, but it is more cumbersome to use and so far, has not been exploited this way

Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view.